Cisco Systems 10000 Network Router User Manual


 
5-5
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 5 Configuring the Layer 2 Tunnel Protocol Access Concentrator and Network Server
Layer 2 Access Concentrator
Static Tunnel Selection
The static tunnel selection feature specifies a domain name for a PVC on an ATM interface. The LAC
uses the specified domain name to select a tunnel for all PPP sessions originating from the PVC. This
feature ignores the domains subscribers indicate in their usernames and forces the subscribers to a
specific destination.
The vpn service domain-name command in ATM VC configuration mode configures the domain name
on the specified PVC. The vpn service domain-name command in ATM VC class configuration mode
configures the domain name on all virtual circuits in the VC class.
Per User Tunnel Selection
The per user tunnel selection feature specifies that the LAC use the entire structured PPP username to
select a tunnel for forwarding an incoming session. Instead of sending the domain name, the LAC sends
the entire structured PPP username to the authentication, authorization, and accounting (AAA) server.
The AAA server provides the VPDN tunnel attributes for the user, indicating which tunnel the LAC can
use to forward the session.
The authen-before-forward command in VPDN group configuration mode configures the per user
tunnel selection feature.
Note: When tunneling from a LAC to an LNS using L2TP, if you use the authen-before-forward
command to configure the LAC to authenticate the user to RADIUS before negotiating a tunnel with the
LNS, the user is authenticated and the LAC uses RADIUS information to determine whether to terminate
a PPPoX session as PPP terminated aggregation (PTA) or forward the session to the LNS.
Dynamic Tunnel Selection
The dynamic tunnel selection feature enables the LAC to use the client-supplied domain in the PPP
username to select a tunnel for forwarding an incoming session. You must configure a VPDN group on
the LAC for each possible domain that a user might indicate.
Note: You can restrict a user from certain domains by using domain preauthorization and tunnel service
authorization. For more information, see the “Tunnel Service Authorization” section on page 5-4.
Sessions per Tunnel Limiting
The sessions per tunnel limiting feature specifies the maximum number of sessions initiated within an
L2TP tunnel. The initiate-to ip command in VPDN group configuration mode configures the sessions per
tunnel limiting feature. The command syntax is:
initiate-to ip ipaddress [limit limit-number] [priority priority-number]
Because the sessions per tunnel limiting feature enables you to specify the maximum number of VPDN
sessions terminating at any L2TP network server (LNS), you can keep corporate router utilization at a
more predictable level.
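The following Python model is an added example, not Cisco code or router configuration. It shows how the same PPP username resolves under static, per user, and dynamic tunnel selection, with the per-tunnel session limit applied. The domains, addresses, AAA table, the "lower priority value is tried first" ordering, and the "no tunnel when every LNS is full" result are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Lns:
    ip: str
    limit: int        # "limit" argument of initiate-to ip
    priority: int     # "priority" argument; lower value tried first (assumption)
    sessions: int = 0

def make_groups():
    # Constructed sample: one VPDN group per domain, each with its LNS entries.
    return {
        "corp-a.example": [Lns("192.0.2.10", 2, 1), Lns("192.0.2.11", 2, 2)],
        "corp-b.example": [Lns("198.51.100.10", 1, 1)],
    }

# Constructed stand-in for the AAA server: full structured username -> domain
# whose tunnel attributes apply, or None to terminate locally (PTA).
AAA = {"alice@corp-a.example": "corp-a.example", "bob@isp.example": None}

def pick_lns(groups, domain):
    """First LNS still under its session limit, in priority order, else None."""
    for lns in sorted(groups.get(domain, []), key=lambda l: l.priority):
        if lns.sessions < lns.limit:
            lns.sessions += 1
            return lns.ip
    return None

def select_tunnel(groups, username, mode, pvc_domain=None):
    """Return an LNS address, "PTA", or None when no tunnel is available."""
    if mode == "static":
        # The PVC's configured domain wins; the subscriber's domain is ignored.
        return pick_lns(groups, pvc_domain)
    if mode == "per-user":
        # The whole username goes to AAA, which decides tunnel or local PTA.
        if username not in AAA:
            return None
        domain = AAA[username]
        return "PTA" if domain is None else pick_lns(groups, domain)
    if mode == "dynamic":
        # The client-supplied domain picks the VPDN group; unknown domains fail.
        domain = username.rpartition("@")[2] if "@" in username else None
        return pick_lns(groups, domain)
    raise ValueError(f"unknown mode: {mode}")
```

In the static case a subscriber who types a different domain still lands on the PVC's tunnel, while in the dynamic case the typed domain alone decides the destination, which is why the guide pairs dynamic selection with domain preauthorization and tunnel service authorization.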